Authorization
In Planon Software Suite authorization is based on the principle of separating data and functionality. An administrator can therefore create:
User groups, which can be used in two ways:
To combine data and functional access
To separate data and functional access
Function profiles to specify the functionality (such as data fields, actions and status transitions) to be made available to certain users.
Authorization filters to limit users to accessing specific data.
By linking a function profile and authorization filters to a user group you can determine the rights of the users of this particular user group.
Authorization filter
Funtion profile
Access to data:
Access to functionality:
No access
Read-only access
Modify
Fields
Status transitions
Actions

When using this type of profile, the combination of user groups grants access to specific data. By linking users to multiple user groups, access to data is expanded.
Or, alternatively, you can separate functional access and data access by applying split role and data:
Authorization filter
Funtion profile
Access to data:
Access to functionality:
No access
Read-only access
Modify
Fields
Status transitions
Actions
When using this profile, the combination of user groups grants specific access to data. When using authorization links, this type of combining profiles acts restricting as is explained in Separating data access and functional access.
For more information on the concepts used in Authorization, see Authorization concepts.